How to Prioritize Your Cybersecurity Investments

One security control in particular was found to have the greatest ability to decrease cyberattacks.

5/2/2023 1:30 P.M.

If you have difficulty deciding how to effectively direct cybersecurity investments, you are not alone. Many organizations are unsure which controls to adopt, so they often use expert opinions rather than data to make decisions. This Using Data to Prioritize Cybersecurity Investments report directly links key cybersecurity controls commonly required by cyber insurers to a reduced chance of a cyber incident.


Automated hardening techniques were found, by a wide margin, to have the greatest ability of any control studied to decrease the likelihood of a successful cyberattack. Automated hardening techniques refer to the use of software tools and scripts to configure and secure computer systems, applications, and networks automatically. Common ones include vulnerability scanning, firewall configuration, password management, etc. Organizations with such techniques in place, which apply baseline security configurations to system components like servers and operating systems, are nearly six times less likely to have a cyber incident than those that do not.


The other top four controls determined most effective are privileged access management, endpoint detection and response, logging and monitoring, and patched systems.


The analysis also shows that MFA, one of the requirements of the FTC’s Safeguards Rule, only works when it is in place for all critical and sensitive data, for all remote login access, and for administrator account access. Organizations with such broad implementation are 1.4 times less likely to experience a successful cyberattack than those that do not have broad implementation.


If you need help with these or cybersecurity in general, reach out to our partner, TPx at

If you have executive leadership updates or other member news to share with ACA, contact our communications department at [email protected]. View our publications page for more information and our news submission guidelines here.


Collector Magazine


One moment please...

Share Profile

This site uses cookies. By continuing to use our site, you are agreeing to our use of cookies. Review our Privacy Policy for more information. You may change your preferences on how cookies are stored by reviewing the settings on your browser.

The content on this site is presented for educational, general reference, and informational purposes only; is not intended to serve as legal or other advice; is not intended to be a full and exhaustive explanation of the law in any area; and should not replace the advice of your own legal counsel. By continuing to use our site, you are agreeing to the legal disclaimers in our Terms of Use. Review our Terms of Use for more information.

Friendly Reminder

Get continued access to ACA International’s wide array of resources, which can help you become more profitable, compliant and successful.

Renew your membership today to take advantage of tools you won’t find anywhere else:

  • Discounts on seminars, products, services and events
  • Resources to strengthen your compliance department
  • Industry-specific risk management products and services
  • Participation in ACA’s online community, The Hub
    Members-only website content
  • Professional development and training opportunities, and so much more!

If you have completed your renewal, please disregard this reminder.